System and method for cyber attacks analysis and decision support
Abstract
A method for cyber attack risk assessment, the method including operating at least one hardware processor for: collecting global cyber attack data from a networked resource; collecting organizational profile data from a user, wherein the organizational profile data includes: types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls, and organizational assets each pertaining to a business environment and each associated with at least one of the computerized defensive controls; and computing a cyber attack risk of the organization in real time, by continuously performing the collecting of global cyber attack data and comparing the global cyber attack data to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets.
20 Claims
1. A method for cyber attack risk assessment, the method comprising operating at least one hardware processor for:
- automatically conducting a cyber space external intelligence process that comprises periodically gathering intelligence on the state of a cyber landscape which is external to an organization for which the method is performed, wherein the intelligence comprises:
(a) data on threat agents that have motivation and capability to carry out a cyber attack, the data comprising at least one of: objectives of the threat agents, capabilities of the threat agents, and resources of the threat agents, and
(b) data on attack methods that are used for gaining access to critical components in a system or data in the system, wherein the gaining of access is with the intent of at least one of vandalizing, stealing, and denying access to the critical components in the system or the data in the system, respectively;
- collecting organizational profile data from a user, wherein the organizational profile data comprises: types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls comprising a level of fulfillment capability for each of the computerized defensive controls with respect to a control policy of the organization, and organizational assets each pertaining to a business environment and each associated with at least one of the computerized defensive controls;
- computing a cyber attack risk of the organization in real time and automatically, by continuously conducting the cyber space external intelligence process and comparing the cyber space external intelligence to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets; and
- issuing an overachievement alert when any of the levels of fulfillment of any of the computerized defensive controls exceeds the control policy of the organization, in accordance with a recommended scoring rule, to thereby prevent a waste of fulfillment effort.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transient computer readable medium having stored thereon instructions that, when executed by at least one hardware processor, cause the at least one hardware processor to:
- automatically conducting a cyber space external intelligence process that comprises periodically gathering intelligence on the state of a cyber landscape which is external to an organization for which the method is performed, wherein the intelligence comprises:
(a) data on threat agents that have motivation and capability to carry out a cyber attack, the data comprising at least one of: objectives of the threat agents, capabilities of the threat agents, and resources of the threat agents, and
(b) data on attack methods that are used for gaining access to critical components in a system or data in the system, wherein the gaining of access is with the intent of at least one of vandalizing, stealing, and denying access to the critical components in the system or the data in the system, respectively;
- collect organizational profile data from a user, wherein the organizational profile data comprises types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls comprising a level of fulfillment capability for each of the computerized defensive controls with respect to the control policy of the organization, and organizational assets each associated with at least one of the computerized defensive controls;
- compute a cyber attack risk of the organization in real time and automatically, by continuously conducting the cyber space external intelligence process and comparing the cyber space external intelligence to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets; and
- issuing an overachievement alert when any of the levels of fulfillment of any of the computerized defensive controls exceeds the control policy of the organization, in accordance with a recommended scoring rule, to thereby prevent a waste of fulfillment effort.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A decision support system comprising at least one hardware processor configured to:
- automatically conducting a cyber space external intelligence process that comprises periodically gathering intelligence on the state of a cyber landscape which is external to an organization for which the method is performed, wherein the intelligence comprises:
(a) data on threat agents that have motivation and capability to carry out a cyber attack, the data comprising at least one of: objectives of the threat agents, capabilities of the threat agents, and resources of the threat agents, and
(b) data on attack methods that are used for gaining access to critical components in a system or data in the system, wherein the gaining of access is with the intent of at least one of vandalizing, stealing, and denying access to the critical components in the system or the data in the system, respectively;
- collect organizational profile data from a user, wherein the organizational profile data comprises types of computerized defensive controls employed by the organization, a maturity of each of the computerized defensive controls comprising a level of fulfillment capability for each of the computerized defensive controls with respect to the control policy of the organization, and organizational assets each associated with at least one of the computerized defensive controls;
- compute a cyber attack risk of the organization in real time and automatically, by continuously performing said cyber space external intelligence process and comparing the cyber space external intelligence to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets;
- supporting a decision on improvement of one or more of the computerized defensive controls by providing a risk simulator configured to compute an effect of improving one or more of the computerized defensive controls on the cyber attack risk score; and
- issuing an overachievement alert when any of the levels of fulfillment of any of the computerized defensive controls exceeds the control policy of the organization, in accordance with a recommended scoring rule, to thereby prevent a waste of fulfillment effort.
Dependent claims: 18, 19, 20
Specification